California’s Age-Appropriate Design Code (AADC) was temporarily blocked by a federal court judge who found that the law likely violates the First Amendment and does “not pass constitutional muster.” The preliminary injunction, issued Sept. 18, 2023, prevents regulators from enforcing the AADC, which restricts how digital platforms treat minors’ information, among other requirements.

The lawsuit was brought by NetChoice, LLC, a trade group that represents big tech companies. The litigation’s goal is to strike down the AADC on the grounds that it violates the First and Fourth amendments and the due process and commerce clauses of the U.S. Constitution and is preempted by the federal Children's Online Privacy Protection Act (COPPA) and Section 230 of the Communications Decency Act (CDA).

The AADC imposes restrictions on digital platforms’ ability to collect, sell, share and retain the personal information of minors under 18. It also mandates other steps, such as preparing data protection impact assessments to identify potential risks of products and services likely to be accessed by children. Among the AADC’s most significant requirements is that services must configure privacy settings by default to the highest level of privacy, which could eliminate a business’ ability to engage in targeted advertising to any California consumer under the age of 18.

The Court’s Decision

The court agreed with NetChoice’s argument that the AADC violates free speech rights under the First Amendment, as it targets specific speakers — a segment of for-profit entities, but not governmental or nonprofit entities — that would be restricted in collecting and using minors’ personal information.

The court also explained that undertaking certain tasks, like assessing how an online platform could be harmful to children and limiting the availability of certain information by some speakers, but not others, involves the regulation of covered speech that is entitled to constitutional protection.

In applying the level of scrutiny to the law, the court declined to subject the AADC to strict scrutiny, instead agreeing with California Attorney General Rob Bonta that the lower standard of intermediate scrutiny is appropriate for commercial speech.

Even under intermediate scrutiny, the court concluded that certain provisions of the AADC would likely be invalid, particularly the requirement to conduct a data protection impact assessment, high default privacy settings, the mandate to estimate a child’s age to provide them with appropriate protections and the prohibition on dark patterns.

The court ultimately temporarily blocked the entire law, rather than just the challenged provisions, agreeing with NetChoice that these requirements cannot be functionally severed from the remainder of the “presumably valid” statute.

The Future of AADC and Other Privacy Laws

As a result of the court’s preliminary injunction, the AADC cannot take effect until the case is resolved, which could delay the AADC’s July 1, 2024  effective date.

This preliminary injunction is not the end of new laws targeting greater privacy protections for children. The Children and Teens’ Online Privacy Protection Act (a/k/a COPPA 2.0) was approved by the Senate Commerce Committee in July and is awaiting a vote by the full chamber. COPPA 2.0 would bring several significant changes, including raising the age for a child to consent to most processing of their personal information from age 13 to 16.

The Bottom Line

  • The AADC was championed as a ground-breaking law that provided greater protections to children and teens online.
  • The AADC is in jeopardy after a court concluded that certain of its provisions would likely be invalid and temporarily blocked the law.
  • The court’s decision is a win for First Amendment rights but a loss for children’s privacy advocates who are fighting for stronger protections for minors online.